WordPress security flaw – need response from WordPress, not the community.

• 

  gudguy1a · Member · May 27, 2014 at 8:51 pm

  • Copy link
  • Add topic to favorites

  I work in cyber security and this is a serious issue to me.
  I was just informed of the following:
  “Unencrypted cookies leave WordPress accounts exposed to hijacking on insecure networks, even with two-factor authentication”

  I wanted someone at WordPress to let us know when this is likely to be fixed? Thanks.

  The blog I need help with is: (visible only to logged in users)

• 

  timethief · Member · May 27, 2014 at 9:01 pm

  • Copy link

  If you are here to report any sort of security issue with a WordPress.com site, then please send an email with complete details to security [at] automattic.com.

• 

  gudguy1a · Member · May 27, 2014 at 9:59 pm

  • Copy link

  Thank you.

• 

  gudguy1a · Member · May 27, 2014 at 10:04 pm

  • Copy link

  Thanks for the email address – I am using the double ‘t‘ in automattic….

  This was exactly what I was looking for originally but was unable to find it in any of the numerous locations.

• 

  timethief · Member · May 27, 2014 at 10:42 pm

  • Copy link

  You are welcome.

• 

  auxclass · Member · May 27, 2014 at 10:44 pm

  • Copy link

  This page also works – I have used it in the past – even got a note back from Matt for one of my reports

  Security

• 

  jackiedana · Member · May 27, 2014 at 11:04 pm

  • Copy link

  Thanks everyone. We’re aware of the issue and are currently working on a fix.

  Since the issue has been reported, there’s no need to contact us again via the security email/page, as that will just make more work for our developers at this time.